<?php
 /*****************************************************************************
 * upload.php                                                                 *
 * Last Modified: 2007-06-07                                                  *
 *                                                                            *
 * upload.php is the driver file to upload the specified file to tblSysInfo   *
 * from the form on files.php.                                                *
 *                                                                            *
 * BBG_Billing, a PHP application using MySQL for creating and maintaining a  *
 * contacts and invoices database.                                            *
 *                                                                            *
 * @copyright Copyright (C) 2007, Bugs Bee Gone Computer Services             *
 * @owner     Daniel Barnett (Bugs Bee Gone Computer Services)                *
 * @author    Daniel Barnett <dbarnett@bugsbeegone.com>                       *
 * @website   http://www.bugsbeegone.com                                      *
 * @license   http://www.gnu.org/licenses/gpl.html GNU General Public License *
 * @package   BBG_Billing                                                     *
 * @name      upload.php                                                      *
 * @version   1.0.0                                                           *
 * @uses      Jpmaster77's Login Script (Written by: Jpmaster77, 2004-08-19)  *
 *             ->(http://www.evolt.org/PHP-Login-System-with-Admin-Features/) *
 *                                                                            *
 * This file is part of the "BBG_Billing" PHP application.                    *
 *                                                                            *
 * BBG_Billing is free software; you can redistribute it and/or modify        *
 * it under the terms of the GNU General Public License as published by       *
 * the Free Software Foundation; either version 2 of the License, or          *
 * (at your option) any later version.                                        *
 *                                                                            *
 * BBG_Billing is distributed in the hope that it will be useful,             *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
 * GNU General Public License for more details.                               *
 *                                                                            *
 * You should have received a copy of the GNU General Public License          *
 * along with BBG_Billing; if not, write to the Free Software                 *
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA *
 *****************************************************************************/


    // Load the session handling that this page relies on for access control
    require "include/session.php";

    // Uploading is an administrator-only action: a visitor who is not logged
    // in, or who is logged in without administrator rights, is sent back to
    // main.php. exit() follows the Location header so that none of the upload
    // code below runs for that visitor.
    if(!$session->logged_in || !$session->isAdmin()){
        header("Location: main.php");
        exit();
    }

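    // Handle the upload form posted from files.php and store the file in
    // tblSysInfo. Everything taken from $_POST and $_FILES is client-controlled,
    // so each value is validated or escaped before it reaches the SQL statement
    // or the HTML response.
    // NOTE(review): no anti-CSRF token is verified before this state-changing
    // insert; confirm whether include/session.php offers one and check it here.
    if(isset($_POST['upload'], $_FILES['userfile']['tmp_name'], $_FILES['userfile']['error'])
        && is_string($_FILES['userfile']['tmp_name'])
        && $_FILES['userfile']['error'] === UPLOAD_ERR_OK
        && $_FILES['userfile']['size'] > 0
        && is_uploaded_file($_FILES['userfile']['tmp_name'])) {

        $tmpName  = $_FILES['userfile']['tmp_name'];
        $fileSize = (int) $_FILES['userfile']['size'];

        // The name and type are whatever the browser sent. They are stored for
        // reference only and should not be trusted as a filesystem path or as
        // the real content type when the file is later served back.
        $rawName = (string) $_FILES['userfile']['name'];
        $rawType = (string) $_FILES['userfile']['type'];

        // A missing customerID is stored as an empty string, as before.
        $customerID = (isset($_POST['customerID']) && is_string($_POST['customerID']))
            ? $_POST['customerID']
            : '';

        // With magic_quotes_gpc on, the request values arrive already slashed
        // (the previous code relied on that for the file name). Undo it so each
        // value is escaped exactly once, by the database layer, below.
        if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $rawName    = stripslashes($rawName);
            $customerID = stripslashes($customerID);
        }

        // Read the whole upload in one binary-safe call; is_uploaded_file()
        // above guarantees the path is PHP's own temporary upload file.
        $content = file_get_contents($tmpName);
        if($content === false) {
            die('Error, could not read the uploaded file');
        }

        // Require config.inc.php for configuration variables
        require_once "config.inc.php";

        // Connect to MySQL. Driver error text goes to the server log rather
        // than to the browser, so schema and host details are not disclosed.
        // NOTE(review): ext/mysql was removed in PHP 7; the long-term fix is a
        // prepared statement through mysqli or PDO.
        $link = mysql_connect($path, $username, $password);
        if(!$link) {
            error_log('upload.php: mysql_connect failed: ' . mysql_error());
            die('Error, database connection failed');
        }
        if(!mysql_select_db($database, $link)) {
            error_log('upload.php: mysql_select_db failed: ' . mysql_error($link));
            mysql_close($link);
            die('Error, database selection failed');
        }

        // Escape every string value with the connection-aware escaper. The
        // previous code used addslashes() on the name and content only and
        // passed customerID and type into the statement unescaped.
        $query = "INSERT INTO tblSysInfo (customerID, name, size, type, content ) ".
            "VALUES ('" . mysql_real_escape_string($customerID, $link) . "', '" .
            mysql_real_escape_string($rawName, $link) . "', '" .
            $fileSize . "', '" .
            mysql_real_escape_string($rawType, $link) . "', '" .
            mysql_real_escape_string($content, $link) . "')";

        // Execute the MySQL query, if error die with error message
        if(!mysql_query($query, $link)) {
            error_log('upload.php: insert failed: ' . mysql_error($link));
            mysql_close($link);
            die('Error, query failed');
        }

        // Close the connection
        mysql_close($link);

        // Output success message and redirect to files.php. The name is
        // HTML-escaped because it is attacker-chosen text echoed into the page;
        // the previous single-quoted string printed the literal "$fileName".
        $safeName = htmlspecialchars($rawName, ENT_QUOTES);

        echo '<html>';
        echo '<head>';
        echo '<meta http-equiv="refresh" content="0;url=files.php" />';
        echo '</head>';

        echo '<body>';
        echo 'Uploaded ' . $safeName . ' successfully';
        echo '</body>';
        echo '</html>';
    }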
?>
